Shai-Hulud 2.0 npm Worm: 25K+ Repos Compromised
November 24, 2025 marked the most destructive npm supply chain attack in history. A self-replicating worm called Shai-Hulud 2.0 compromised 796 npm packages ...
VanJS: The 1KB Framework That’s Replacing React in 2025
Developers are ditching React's 140KB bundle for frameworks under 5KB. Discover why VanJS and other ...
React Server Components Hit by New DoS Vulnerability
React disclosed two new security vulnerabilities in React Server Components on December 11—a high-severity denial ...
React2Shell CVE-2025-55182: CVSS 10.0 RCE Fix Now
React developers face a critical security emergency: CVE-2025-55182, dubbed “React2Shell,” has achieved a perfect CVSS ...
Anthropic Acquires Bun: Claude Code Hits $1B in 6 Months
Anthropic acquired Bun, the fast JavaScript runtime, on December 2, 2025—marking the AI company’s first-ever ...
TypeScript 7 Native Port: 10x Faster Builds Land in Early 2026
Microsoft announced major progress on TypeScript 7 on December 2, revealing a native compiler rewrite in Go that delivers 8-10x faster build times. ...
Gatekeeping Killed Perl and It’s Killing Your Favorite Language Too
Perl dropped from ubiquity to 1% usage due to gatekeeping, not tech limits. Python hit ...
React2Shell: CVE-2025-55182 RCE Exploited in Hours
Meta disclosed CVE-2025-55182 on December 3, 2025 – a maximum severity 10.0 vulnerability in React ...
TypeScript Overtakes JavaScript on GitHub in 2025
TypeScript officially overtook JavaScript to become the #1 most-used language on GitHub in August 2025, ...
npm Shai-Hulud 2.0: 25,000+ Repos Compromised in 2 Days
Shai-Hulud 2.0 worm exploited npm preinstall scripts Nov 21-23, compromising 796 packages, 25,000+ repos, exposing ...